<?php
include_once "db_con.php";
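session_start();

// Authentication gate: takes the credentials from the session when they are
// already stored there, otherwise from the submitted form fields, and checks
// them against the `login` table. On success the credentials are (re)stored in
// the session; on failure the session is destroyed and the client is sent to
// login.php.
//
// NOTE(review): the mysql_* extension was deprecated in PHP 5.5 and removed in
// PHP 7.0. Move this lookup to PDO or mysqli with a prepared statement when the
// connection set up in db_con.php is migrated.
// NOTE(review): account_pass is compared against an unsalted SHA-1 digest,
// which is not an adequate password hash. Plan a migration to
// password_hash() / password_verify().

$from_post = false;

if (isset($_SESSION["username"]))
{
	$user = $_SESSION["username"];
}
else
{
	// A missing form field is treated as an empty (and therefore rejected) value.
	$user = isset($_POST["name"]) ? $_POST["name"] : "";
	$from_post = true;
}
if (isset($_SESSION["password"]))
{
	$pass = $_SESSION["password"];
}
else
{
	$pass = isset($_POST["pwd"]) ? $_POST["pwd"] : "";
	$from_post = true;
}

// Form fields can arrive as arrays (name[]=...); only strings are credentials.
if (!is_string($user))
{
	$user = "";
}
if (!is_string($pass))
{
	$pass = "";
}

// NOTE(review): the escaped values are what gets hashed and stored in the
// session below, so a value containing quotes or backslashes is escaped again
// on the next request. This order is kept so existing hashes and any reader of
// $_SESSION["username"] see the same values as before. Confirm and untangle
// this when moving to prepared statements.
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);

$authenticated = false;

// Empty credentials never authenticate, so the lookup is skipped for them.
if (strlen($user) > 0 && strlen($pass) > 0)
{
	// Exact comparison. A LIKE '%...%' pattern would accept any substring of a
	// stored name, and mysql_real_escape_string() does not escape the LIKE
	// wildcards % and _.
	// NOTE(review): assumes account_pass holds the bare SHA-1 hex digest.
	// Confirm against the code that creates accounts.
	$query = "	SELECT COUNT(*) as NUM
			FROM login
			WHERE user_name = '" . $user . "'
				AND account_pass = '" . sha1($pass) . "';";

	$result = mysql_query($query);

	if ($result === false)
	{
		// Fail closed: a query error is handled as a failed login.
		error_log("Login:  Query failed.");
	}
	else
	{
		$row = mysql_fetch_array($result);
		$matches = $row ? (int) $row['NUM'] : 0;

		if ($matches > 0)
		{
			if ($matches != 1)
			{
				error_log("Login:  Multiple valid users.");
			}
			$authenticated = true;
		}
	}
}

if ($authenticated)
{
	if ($from_post)
	{
		// Fresh login: issue a new session id so that an id fixed before
		// authentication does not carry over into the authenticated session.
		session_regenerate_id(true);
	}
	$_SESSION["username"] = $user;
	// NOTE(review): this keeps the password itself in session storage, because
	// the check at the top of this script re-reads it on later requests.
	// Replace it with an "authenticated" marker once nothing depends on it.
	$_SESSION["password"] = $pass;
}
else
{
	// NOTE(review): session_destroy() discards the session data, so this
	// message is not persisted for login.php. Pass it another way if it is
	// meant to be displayed.
	$_SESSION['message'] = "Invalid username / password combination.";
	session_destroy();
	header("Location:login.php");
	// Stop here: without this, a page that includes this script keeps
	// executing and sends its content to the unauthenticated client.
	exit;
}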

?>
